1 | Copied from Debian. |
2 | ||
3 | From: Petr Stodulka <pstodulk@redhat.com> | |
4 | Date: Mon, 14 Sep 2015 18:23:17 +0200 | |
5 | Subject: Upstream fix for heap overflow | |
6 | Bug-Debian: https://bugs.debian.org/802162 | |
7 | Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 | |
8 | Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 | |
9 | Forwarded: yes | |
10 | ||
11 | --- | |
12 | crypt.c | 12 +++++++++++- | |
13 | 1 file changed, 11 insertions(+), 1 deletion(-) | |
14 | ||
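--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@
 GLOBAL(pInfo->encrypted) = FALSE;
 defer_leftover_input(__G);
 for (n = 0; n < RAND_HEAD_LEN; n++) {
-b = NEXTBYTE;
+/* 2012-11-23 SMS. (OUSPG report.)
+ * Quit early if compressed size < HEAD_LEN. The resulting
+ * error message ("unable to get password") could be improved,
+ * but it's better than trying to read nonexistent data, and
+ * then continuing with a negative G.csize. (See
+ * fileio.c:readbyte()).
+ */
+if ((b = NEXTBYTE) == (ush)EOF)
+{
+return PK_ERR;
+}
 h[n] = (uch)b;
 Trace((stdout, " (%02x)", h[n]));
 }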
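Review bot: The new `return PK_ERR` inside the header-read loop exits while the deferral set up by `defer_leftover_input(__G)` on the line before the loop is still in effect; if the code after the loop (outside the hunk) undoes that deferral, the EOF path now skips it and later input handling may inherit stale deferred-input state. Consider undoing the deferral before returning, or recording the failure and breaking out of the loop so the early-exit path shares the post-loop cleanup. The added comment says `HEAD_LEN` while the loop bound is `RAND_HEAD_LEN`; `* Quit early if compressed size < RAND_HEAD_LEN.` would match the code it describes. The enclosing function starts and ends outside the hunk.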